On April 29, 2026, Lookout announced the launch of Lookout AI Visibility & Governance, a mobile-native extension of its security platform that brings much-needed visibility and control over AI activity on both corporate-managed and bring-your-own-device (BYOD) endpoints. As organizations push AI adoption deeper into daily workflows, a significant portion of that activity now happens on mobile devices — places where legacy discovery tools and governance frameworks have historically had weak or no coverage. Lookout’s new capability aims to close this gap by providing real-time inventory of AI apps, insight into agentic behavior, and enforceable guardrails directly at the device layer.
“AI adoption is accelerating faster than most organizations can see or control, especially on mobile devices, where AI activity often operates outside traditional corporate boundaries and remains largely invisible, With the launch of Lookout AI Visibility & Governance, we’re closing that gap, giving organizations the ability to see, understand, and govern AI usage at the mobile layer, bringing mobile AI activity out of the shadows into full visibility and control.”
Jim Dolce, CEO of Lookout
A recent survey of CISOs and senior security leaders commissioned by Lookout underscores the urgency. Nearly 60% of organizations reported they cannot monitor AI activity on mobile devices. Another 68% lack visibility into the workflows and permissions used by autonomous AI agents running on those devices. And 72% cannot even identify AI software development kits (SDKs) embedded inside the mobile apps their employees rely on every day. These blind spots create real exposure around unintended data sharing, unauthorized agent actions, and compliance violations, especially as employees mix personal AI tools with work-related tasks on the same device.
Key Terms
Shadow AI: Unsanctioned AI applications and agents used without security or governance oversight.
Agentic Behavior Monitoring: Continuous analysis of autonomous AI actions and permission usage on mobile.
Mobile AI Visibility: Real-time discovery and inventory of all AI apps and SDKs across devices.
Intelligent Data Guardrails: Real-time policy enforcement to prevent sensitive data from reaching unsanctioned AI services.
Automated Compliance Alignment: Generation of audit evidence mapped to EU AI Act, NIST AI RMF, and ISO/IEC 42001.
Conditions Driving This Launch
The rapid consumerization of AI has led employees to download and use powerful AI tools directly on their phones and tablets, frequently without IT approval or organizational awareness.
The emergence of autonomous AI agents, which can independently plan, act, and chain multiple actions, has expanded the risk surface into mobile environments where behavior is significantly harder to observe and control.
Stricter regulatory frameworks, including the EU AI Act, the NIST AI Risk Management Framework, and ISO/IEC 42001, now require organizations to demonstrate effective oversight and control over AI systems across all operating environments, explicitly including mobile devices.
Traditional security tools designed for laptops, servers, and cloud workloads lack deep visibility into mobile-specific AI interactions and embedded AI software development kits (SDKs).
The widespread adoption of hybrid work models and bring-your-own-device (BYOD) policies has blurred the boundaries between personal and corporate data, enabling sensitive information to flow unintentionally into unsanctioned AI services.
A recent survey of CISOs and senior security leaders revealed critical blind spots, with nearly 60% of organizations unable to monitor AI activity on mobile devices, 68% lacking visibility into autonomous AI agent workflows and permissions, and 72% unable to identify embedded AI SDKs in everyday mobile apps.
Collectively, these converging pressures have created an urgent need for mobile-native visibility and governance capabilities that extend beyond basic device protection to address AI-specific risks at the device layer.
What Mobile AI Security and Governance Looked Like Before
Prior to this launch, mobile AI security and governance remained fragmented and incomplete. Most organizations focused their AI oversight efforts on laptops, cloud platforms, and enterprise SaaS tools, leaving mobile devices as a secondary or overlooked concern. Discovery of AI usage depended on coarse app-level controls or manual reviews that could not keep pace with the speed of new AI apps and updates.
When autonomous agents appeared on phones, security teams had almost no practical way to monitor their workflows, permission usage, or decision-making patterns in real time. Data protection relied on broad policies that were difficult to enforce at the moment of interaction on a mobile device. Compliance teams often produced reports based on incomplete data because mobile AI activity stayed largely invisible. Traditional endpoint protection solutions excelled at malware and phishing defense but offered limited insight into how AI apps or agents handled sensitive data.
The result was a growing disconnect: enterprises invested heavily in AI productivity while accepting significant unknown risk on the devices employees use most frequently for both work and personal tasks. Shadow AI thrived in this environment, and incidents were typically discovered only after data had already left the organization.
What Mobile AI Security and Governance Looks Like Now
With the introduction of Lookout AI Visibility & Governance, the picture changes significantly. The solution delivers a real-time inventory of both sanctioned and unsanctioned AI applications across the entire mobile fleet, exposing previously hidden shadow AI usage. It continuously monitors agentic behavior, mapping permissions and workflows to detect when autonomous agents attempt unauthorized actions or access sensitive data. Intelligent data guardrails now operate in real time, blocking attempts to send sensitive information to unsanctioned AI services and preventing exfiltration at the point of interaction.
The capability integrates natively into Lookout’s existing mobile security platform, acting as a force multiplier that extends protection from basic device security all the way to AI-driven interactions. Additionally, the solution automatically generates audit-ready evidence aligned with the EU AI Act, NIST AI RMF, and ISO/IEC 42001, helping organizations move from reactive compliance to proactive demonstration of control. Security teams gain actionable visibility where it was previously missing, while compliance and risk teams receive the traceability needed for regulators and internal audits. This brings mobile AI activity out of the shadows and into governed, manageable territory without sacrificing the speed and convenience users expect.
Our Take
AI Security Take
Lookout’s launch of AI Visibility & Governance makes it clear that effective AI security and governance must now extend fully to the mobile layer. As AI tools and autonomous agents become everyday parts of work, the devices employees carry everywhere represent one of the largest and least-controlled risk surfaces. Solutions that stop at laptops or cloud environments leave dangerous gaps where shadow AI and rogue agent behavior can thrive undetected. By combining real-time discovery, behavioral monitoring, and enforceable guardrails in a mobile-native package, Lookout is helping organizations close that exact gap and treat mobile AI activity with the same seriousness as other enterprise systems. This approach strengthens overall defense by making previously invisible risks visible and controllable.
If your teams are grappling with shadow AI on mobile devices, struggling to monitor agentic activity, or preparing for stricter regulatory scrutiny, head to the GAIG marketplace right now. Compare the platforms that deliver strong mobile-aware visibility, runtime controls, and comprehensive governance capabilities so you can secure AI wherever your workforce actually operates.
